docCINA meeting - SYSMA@IMT Lucca
download 
Reclamo Transcript
CINA meeting - SYSMA@IMT Lucca
Specification and Verification of Concurrent and Distributed Systems C.I.N.A. meeting Riccardo Traverso Giorgio Delzanno Pisa, February 5th, 2013 R. Traverso, G. Delzanno C.I.N.A. meeting 1/20 The starting point: Ad Hoc Networks (AHN) R. Traverso, G. Delzanno C.I.N.A. meeting 2/20 The starting point: Ad Hoc Networks (AHN) R. Traverso, G. Delzanno C.I.N.A. meeting 2/20 The starting point: Ad Hoc Networks (AHN) R. Traverso, G. Delzanno C.I.N.A. meeting 2/20 The starting point: Ad Hoc Networks (AHN) R. Traverso, G. Delzanno C.I.N.A. meeting 2/20 The starting point: Ad Hoc Networks (AHN) R. Traverso, G. Delzanno C.I.N.A. meeting 2/20 The starting point: Ad Hoc Networks (AHN) R. Traverso, G. Delzanno C.I.N.A. meeting 2/20 Parameterized verification on AHN Given a protocol (automaton) and its associated transition system (AHN), compute: reachability of a configuration with at least one process in a given state (COVER); reachability of a configuration with all processes in a given state (TARGET); existence of a computation traversing infinitely often configurations with at least one process in a given state (REPEAT-COVER). R. Traverso, G. Delzanno C.I.N.A. meeting 3/20 Results on AHN problems Those problems are all undecidable for arbitrary graphs. There are some decidability results by restricting COVER to configurations in specific classes of graphs. By introducing mobility in the model, COVER, TARGET and REPEAT-COVER become decidable. R. Traverso, G. Delzanno C.I.N.A. meeting 4/20 Aim To investigate the interplay between richer models of distributed systems and the underlying communication topology. Features inspired from routing protocols for Ad Hoc Networks: dynamic networks; more realistic communication (synch. vs asynch, broadcast vs unicast); node identifiers. Theoretical research: existing approaches are mostly about modelling rather than analysis. R. Traverso, G. Delzanno C.I.N.A. meeting 5/20 With whom do we work? R. Traverso, G. Delzanno C.I.N.A. meeting 6/20 Collaborations Uppsala University, Program Verification Group: Parosh Aziz Abdulla (prof.), Faouzi Atig (PhD), Othmane Rezine (PhD student) University Paris Diderot - Paris 7 - LIAFA: Arnaud Sangnier (prof.) Università di Bologna INRIA - FOCUS Research Team: Gianluigi Zavattaro (prof.) R. Traverso, G. Delzanno C.I.N.A. meeting 7/20 Which are the models considered? R. Traverso, G. Delzanno C.I.N.A. meeting 8/20 Reconfigurable Broadcast Networks (RBN) Synchronous broadcast and reception of messages (like AHN). Random rearrangements of the network connections. R. Traverso, G. Delzanno C.I.N.A. meeting 9/20 RBN: Parameterized Reachability Problem We consider cardinality constraints (CC) on the number of processes in a given control state: ' ::= a #q < b j ' ^ ' j ' _ ' j :' (a 2 N , q is a local control state, and b 2 (N n f0g) [ f+1g) PRP: can we reach a configuration satisfying some CC an initial configuration? ' from No restrictions on the initial number of processes. R. Traverso, G. Delzanno C.I.N.A. meeting 10/20 RBN: Results (FSTTCS12) PRP is PTime-complete for CC without negation and with only #q 1 atoms. For CC with #q 1 atoms and negation PRP is NP-complete. PRP is PSpace-complete for unrestricted CC. R. Traverso, G. Delzanno C.I.N.A. meeting 11/20 RBN: Extension with node identifiers Each node in a configuration has its own identifier (unbounded data domain). It is a basic requirement in order to build routing tables. Identifiers may be: exchanged with broadcast messages; saved in local variables; tested for equality. R. Traverso, G. Delzanno C.I.N.A. meeting 12/20 RBN: Extension with node identifiers (in progress) We consider COVER, without network reconfigurations (fully connected case): 1 RO + 1 RW locals, 1 ID per message 1 RW local, 1 ID per message ) = undecidability decidability And with reconfigurations: 1 RO + 1 RW locals, 2 ID per message 1 RO + 1 RW locals, 1 ID per message R. Traverso, G. Delzanno ) = ) =) = C.I.N.A. meeting undecidability decidability? 13/20 Asynchronous Broadcast Networks (ABN) (with multisets as mailboxes) R. Traverso, G. Delzanno C.I.N.A. meeting 14/20 Asynchronous Broadcast Networks (ABN) (with multisets as mailboxes) R. Traverso, G. Delzanno C.I.N.A. meeting 14/20 Asynchronous Broadcast Networks (ABN) (with multisets as mailboxes) R. Traverso, G. Delzanno C.I.N.A. meeting 14/20 Asynchronous Broadcast Networks (ABN) (with multisets as mailboxes) R. Traverso, G. Delzanno C.I.N.A. meeting 14/20 Asynchronous Broadcast Networks (ABN) (with multisets as mailboxes) R. Traverso, G. Delzanno C.I.N.A. meeting 14/20 Asynchronous Broadcast Networks (ABN) (with FIFO queues as mailboxes) R. Traverso, G. Delzanno C.I.N.A. meeting 15/20 Asynchronous Broadcast Networks (ABN) (with lossy FIFO queues as mailboxes) R. Traverso, G. Delzanno C.I.N.A. meeting 16/20 ABN: Results (ICTCS12, LATA13) COVER K (M ABN ) ABN COVER (M ABN ) ABN LFIFO PTime PTime PTime PTime Bag PTime undec. PTime undec. FIFO undec. undec. undec. undec. ABN / ABN AHN X LFIFO Bag FIFO Fully connected graphs PTime PTime/undec. undec. Arbitrary graphs undec. PTime PTime/undec. undec. R. Traverso, G. Delzanno C.I.N.A. meeting 17/20 ABN: Extension with time (in progress) Extensions to the model: Each automaton is equipped with k 2N local clocks. Each received message is associated to its current age. Transition guards. With k = 0, COVER should be decidable. R. Traverso, G. Delzanno C.I.N.A. meeting 18/20 ABN: Extension with quantified send and receive (future) Two new communication primitives: existential send (!!9 a); universal receive (??8 a). COVER, by adding only ??8 a actions: in fully-connected graphs, it should be undecidable; uncommonly, it seems to be more difficult to be able to solve it in fully-connected graphs rather than in arbitrary graphs. With both !!9 a and ??8 a actions: for arbitrary graphs, it should be undecidable; R. Traverso, G. Delzanno C.I.N.A. meeting 19/20 Thank you for your attention! R. Traverso, G. Delzanno C.I.N.A. meeting 20/20
